1. Having and implementing an Information Security Management System (ISMS) is imperative to creating a secure environment for personally identifiable information. Red Clay Renovations handles the personal data of thousands of customers, and if that data were compromised it could cause irreversible damage to a customer’s financial standing. “An ISMS is a systematic approach to managing sensitive company information so that it remains secure” (“ISO/IEC 27001 – Information security management”, 2016).
The goal of implementing an ISMS is to make sure that all data flowing through Red Clay Renovations stays secure and that the integrity of the information is not degraded by virtual or physical threats. “It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture” (“What is information security management system (ISMS)? – Definition from WhatIs.com”, 2016).
The steps to take when creating and implementing an ISMS are: define the security policy, define the scope, conduct a risk assessment, identify risks, and select the controls to be implemented. If followed, these steps allow employees to understand the reasoning behind the policy and make for an easy transition. The steps also cover the documentation that must be kept and updated, as well as management’s responsibilities. Communication and cooperation among all employees and senior management will allow the ISMS to become embedded correctly, which in turn leads to success in securing the personal data that Red Clay Renovations collects from its customers.
The benefit of implementing this process is that “it demonstrates a clear commitment to information security management to third parties and stakeholders” (“What is ISO 27001 and why is it so important for organisations? – KRYPSYS”, 2016). It also builds the framework for Red Clay Renovations to fulfil its contractual and legal responsibilities as a company. Keeping Red Clay Renovations’ risk exposure low will be the top priority when building a trust relationship with clients and customers. With such a security process in place, other businesses will also be more inclined to enter into a business relationship with Red Clay Renovations, which benefits both companies.
Creating and implementing an ISMS can therefore be a positive experience not just for Red Clay Renovations but also for the businesses that partner with it and for its customers. When an organization such as Red Clay Renovations thinks and plans for the future, it will succeed. Red Clay Renovations has a data center that needs to be protected 24/7, both physically and virtually. Having procedures in place that do this will accomplish the goal of keeping all personally identifiable information safe and preserving its integrity.
ISO/IEC 27001 – Information security management. (2016). ISO. Retrieved 8 November 2016, from http://www.iso.org/iso/home/standards/management-s…
What is information security management system (ISMS)? – Definition from WhatIs.com. (2016). WhatIs.com. Retrieved 8 November 2016, from http://whatis.techtarget.com/definition/informatio…
What is ISO 27001 and why is it so important for organisations? – KRYPSYS. (2016). KRYPSYS. Retrieved 8 November 2016, from https://www.krypsys.com/iso27001/iso-27001-importa…
Red Clay Renovations’ cybersecurity program is paramount to supporting the business strategy and ensuring continuity of operations. The cybersecurity program, which is headed by the Chief Information Officer (CIO) and the Chief Information Security Officer (CISO), uses a security framework encompassing administrative, physical, and technical controls to protect the critical cyber systems that support our business operations (Bacik, 2011).
The company’s information systems process and store sensitive information about customers. Protecting this data against breach or compromise is the company’s responsibility. We must ensure that we remain compliant with the laws and regulations governing our business and remain eligible to use financial processing systems. In order to maintain the security of business assets and customer relations, we must effectively implement and operate our cybersecurity program.
The objectives of the program are to protect the cyber systems architecture and the information critical to our business processes. The cybersecurity policy will outline the requirements and expectations of each company employee in the protection and use of the cyber systems. In addition to the policy, the cybersecurity team will incorporate a cyber risk management process into the established risk programs. It is also important to provide cybersecurity training programs that promote cyber awareness for all employees (Rehman, 2014).
The CISO will be responsible for the cybersecurity program, along with the implementation and management of the cybersecurity policies. The outcomes of the program should address any issues that may affect Red Clay’s business and provide a plan for responding to any incidents that may adversely affect business operations. The CISO must ensure that every policy conforms to all laws and regulations governing our business processes and protects employees and customers from harm.
The cybersecurity program uses National Institute of Standards and Technology (NIST) guidance, namely the NIST Cybersecurity Framework and the SP 800-53 security and privacy control catalogue (two separate publications), to design and implement the primary principles and best methods in risk management, cyber systems and network management, policy and procedures, and regulatory and audit compliance. Overall, the objective of the program is to reduce cyber risk while enhancing our resilience to incidents.
Our cybersecurity policy defines the roles and responsibilities of each company employee and outlines the requirements for managing the cybersecurity program. The policy identifies the members responsible for managing the cybersecurity program and the details of each task’s objectives. The tasks listed under the policy are: risk assessment, policy and governance, awareness training, and regulatory compliance.
Our team has developed a cybersecurity policy to address the unique organizational structure and needs of our specific business strategy using the concepts of ISO 27001. ISO 27001 is the international standard that specifies the requirements for an information security management system and provides guidance for deploying best-practice methods in IT management (IT Governance, 2013). The standard also underpins an industry-accepted certification process that provides assurance about an organization’s level of cybersecurity and IT management.
This certification will provide a degree of recognition among our business partners and customers because of the stature of the International Organization for Standardization (ISO). Even within budgetary constraints, aligning our cybersecurity program with the ISO 27001 standard will provide assurance of our cybersecurity capabilities. If we are not able to allocate funds this year for ISO 27001 certification, we can continue with our original cybersecurity program, which has been designed around the same concepts and processes offered in the ISO framework.
Applied Trust. (2008, Q3). Every company needs to have a security program. The Barking Seal. Retrieved from https://www.appliedtrust.com/sites/default/files/a…
Bacik, S. (2011). Developing a cybersecurity policy architecture. Retrieved from http://www.enernex.com/wp-content/uploads/2011/09/…
Department of Homeland Security. (2008). Directives system (Directive No. 112-01, Revision 0). Retrieved from https://www.dhs.gov/sites/default/files/publicatio…
IT Governance. (2013). Information security & ISO 27001. Retrieved from http://www.itgovernance.co.uk/files/Infosec_101v1….
Rehman, R. (2014, January 6). Five steps to jump start your information security program. Retrieved from http://news.verizonenterprise.com/2014/01/informat…
University of Maryland University College. (2016). Developing internal policies and guidance documents (version 2). Adelphi, MD: Author.